A few weeks back I wrote about creating better pilot rings within a MEMCM environment. Because of the feedback and some projects I transferred the solution for Intune only environments.
Key Features
- Scope to specific device Azure AD groups (Only Apps and HW models of devices in this collection are validated)
- Specify already tested scenarios by device Azure AD groups (Apps and HW models are marked as already tested.)
- Automatic provisioning of pilot Azure AD group (Scheduled tasks can be used to execute the script in scheduled intervals)
- Changes to pilot Azure AD group by not removing old id's.
Prerequisites
- App Registration in Azure AD with the following Scopes and a certificate as secret:
- Azure AD group for Pilot (I recommend for testing purposes to create a new group without any deployments)
Configuration
- First you need to download the solution from GitHub which consist of one files(Invoke-PilotDeviceSelection.ps1).
- Customizing the PowerShell Script. Modify the variables in the “Manual Variable Definition” section of the script. Each variable has a short explanation within the script:
## Manual Variable Definition
########################################################
# MSGraph Access
##############
$clientId = "9b4e0380-6265-4e20-8f74-d741b0b54277"
$tenantId = "b4a07665-d9a0-4e3f-b25b-401e5c95634e"
$authcert = Get-Item Cert:\CurrentUser\My\B6B38C1E0D61B595A8E723F9F61212B9ECC045AF
# Groups
##############
# Define a group which contains all devices which should be
# in focus for the pilot. Only apps installed on these devices and
# hardware models of these devices will be used for the calculation.
$AADGroupId_InScope = "ee2fbcf2-37e1-4bb6-9892-72f94b3f5cae"
# Define the group where the pilot devices should be added. During testing you can just specify
# a new empty group.
$AADGroupId_Pilot = "f6bf1821-9ed5-4012-a7fd-a331ac404fb9"
# Optionally you can define a group which contains devises which
# are in earlier stages already targeted. These devices (the apps
# installed and hardware models) will be marked as already tested.
$AADGroupId_Insider = "7eed8520-dbbb-4c0b-9d0c-7591ffea11ea"
# Model Selection
##############
# How many devices per model should be in Pilot ring?
$DevicesPerModel = 1
# How man devices of a model need to be in use to be in focus for the pilot?
$MinDeviceModelCount = 1
# App Selection
##############
# How many devices per app should be in Pilot ring?
$DevicesPerApp = 1
# How man installations of a app are need to be in focus for the pilot?
$MinInstallCount = 1
# Do you want to exclude specific apps? Specify the exact name as the app is written in the detectedApps.
$ExcludedApps = @("microsoft.windowscommunicationsapps")
When all variables are adjusted you can execute the script and the pilot group will be provisioned.
Principal Security Consultant | MVP at baseVISION AG
I’m a consultant, trainer and architect for modern workplace and enterprise mobility projects with Microsoft Technologies in the past ten years. I love to push and design the modern workplace based on Microsoft 365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.
Latest posts by Thomas Kurth (see all)
- Exploring Baden, Switzerland: An Evening Guide for Workplace Ninjas Conference Attendees - August 15, 2023
- Unveiling a new version of M365Documentation PowerShell Module: Creating Markdown Documentation with Ease - July 22, 2023
- Microsoft Purview Information protect predefined permission groups demystified - February 28, 2023
0 Comments